4.4. The Script Command Line
Some systems support a method for supplying an array of strings to
the CGI script. This is only used in the case of an ‘indexed’ HTTP
query, which is identified by a ‘GET’ or ‘HEAD’ request with a URI
query string that does not contain any unencoded “=” characters. For
such a request, the server SHOULD treat the query-string as a
search-string and parse it into words, using the rules
search-string = search-word *( “+” search-word )
search-word = 1*schar
schar = unreserved | escaped | xreserved
xreserved = “;” | “/” | “?” | “:” | “@” | “&” | “=” | “,” |
”$”
After parsing, each search-word is URL-decoded, optionally encoded in
a system-defined manner and then added to the command line argument
list.
If the server cannot create any part of the argument list, then the
server MUST NOT generate any command line information. For example,
the number of arguments may be greater than operating system or
server limits, or one of the words may not be representable as an
argument.
The script SHOULD check to see if the QUERY_STRING value contains an
unencoded “=” character, and SHOULD NOT use the command line
arguments if it does.

From: Rasmus Lerdorf lerdorf.com>
Subject: [PHP-DEV] php-cgi command line switch memory check
Newsgroups: gmane.comp.php.devel
Date: 2004-02-04 23:26:41 GMT (7 years, 49 weeks, 3 days, 20 hours and 39 minutes ago)
In our SAPI cgi we have a check along these lines:
if (getenv(“SERVER_SOFTWARE”)
|| getenv(“SERVER_NAME”)
|| getenv(“GATEWAY_INTERFACE”)
|| getenv(“REQUEST_METHOD”)) {
cgi = 1;
}
//在这里进行判定，如果CGI程序运行在网络环境中，不对提交的参数进行解析，这样是没有漏洞的，但是由于某些原因进行了移除。
if(!cgi) getopt(…)
As in, we do not parse command line args for the cgi binary if we are
running in a web context. At the same time our regression testing system
tries to use the cgi binary and it sets these variables in order to
properly test GET/POST requests. From the regression testing system we
use -d extensively to override ini settings to make sure our test
environment is sane. Of course these two ideas conflict, so currently our
regression testing is somewhat broken. We haven’t noticed because we
don’t have many tests that have GET/POST data and we rarely build the cgi
binary.